<!DOCTYPE html>
<html lang="en">

<head>
  <meta charset="utf-8">
  <meta http-equiv="refresh" content="0;url=https://owasp.org/www-project-webgoat/" />
  <link rel="canonical" href="https://owasp.org/www-project-webgoat/" />
</head>
<body>
<h1>
  The page been moved to <a href="https://owasp.org/www-project-webgoat/">https://owasp.org/www-project-webgoat/</a>
</h1>
</body>
</html>

<!--<head>-->

<!--  <meta charset="utf-8">-->
<!--  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">-->
<!--  <meta name="description" content="WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities-->
<!--  commonly found in Java-based applications that use common and popular open source components">-->
<!--  <meta name="author" content="WebGoat">-->

<!--  <title>WebGoat</title>-->

<!--  &lt;!&ndash; Bootstrap core CSS &ndash;&gt;-->
<!--  <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">-->

<!--  &lt;!&ndash; Custom fonts for this template &ndash;&gt;-->
<!--  <link href="vendor/font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">-->
<!--  <link href="https://fonts.googleapis.com/css?family=Montserrat:400,700" rel="stylesheet" type="text/css">-->
<!--  <link href="https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic" rel="stylesheet" type="text/css">-->

<!--  &lt;!&ndash; Plugin CSS &ndash;&gt;-->
<!--  <link href="vendor/magnific-popup/magnific-popup.css" rel="stylesheet" type="text/css">-->

<!--  &lt;!&ndash; Custom styles for this template &ndash;&gt;-->
<!--  <link href="css/freelancer.min.css" rel="stylesheet">-->

<!--</head>-->

<!--<body id="page-top">-->

<!--  &lt;!&ndash; Navigation &ndash;&gt;-->
<!--  <nav class="navbar navbar-expand-lg bg-secondary fixed-top text-uppercase" id="mainNav">-->
<!--    <div class="container">-->
<!--      &lt;!&ndash; Brand and toggle get grouped for better mobile display &ndash;&gt;-->
<!--      <div class="navbar-header page-scroll">-->
<!--        <img class="img-responsive" src="img/profile.png" alt="">-->
<!--      </div>-->
<!--    </div>-->
<!--  </nav>-->

<!--  &lt;!&ndash; Header &ndash;&gt;-->
<!--  <header class="masthead bg-primary text-white text-center">-->
<!--    <div class="container">-->
<!--      <div class="row">-->
<!--        <div class="col-lg-12">-->
<!--          <h2 class="text-center text-uppercase mb-5">Learn the hack - Stop the attack</h2>-->
<!--    -->

<!--        </div>-->
<!--      </div>-->
<!--      <div class="row">-->
<!--        <div class="col-lg-8 mx-auto">-->
<!--          <p>WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities-->
<!--            commonly found in Java-based applications that use common and popular open source components.</p>-->
<!--        </div>-->
<!--        <div class="col-lg-8 mx-auto">-->
<!--          <a href="https://github.com/WebGoat/WebGoat/releases" class="btn btn-xl btn-outline-light">-->
<!--            <i class="fa fa-download"></i> Download standalone-->
<!--          </a>-->
<!--          <a href="https://hub.docker.com/r/webgoat/webgoat-8.0/" class="btn btn-xl btn-outline-light">-->
<!--            <i class="fa fa-download"></i> Run using Docker-->
<!--          </a>-->
<!--        </div>-->
<!--      </div>-->
<!--    </div>-->
<!--  </header>-->

<!--  &lt;!&ndash; Portfolio Grid Section &ndash;&gt;-->
<!--  <section class="portfolio" id="portfolio">-->
<!--    <div class="container">-->
<!--      <h3 class="text-center text-uppercase text-secondary mb-0">Learn in 3 steps</h3>-->
<!--      <hr class="star-dark mb-5">-->
<!--      <div class="row">-->
<!--        <div class="col-md-6 col-lg-4 text-center">-->
<!--          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-1">-->
<!--            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">-->
<!--              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">-->
<!--                <i class="fa fa-search-plus fa-3x"></i>-->
<!--              </div>-->
<!--            </div>-->
<!--            <img class="img-fluid" src="img/portfolio/teach.png" alt="">-->
<!--          </a>-->
<!--        </div>-->
<!--        <div class="col-md-6 col-lg-4 text-center">-->
<!--          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-2">-->
<!--            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">-->
<!--              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">-->
<!--                <i class="fa fa-search-plus fa-3x"></i>-->
<!--              </div>-->
<!--            </div>-->
<!--            <img class="img-fluid" src="img/portfolio/assignment.png" alt="">-->
<!--          </a>-->
<!--        </div>-->
<!--        <div class="col-md-6 col-lg-4 text-center" >-->
<!--          <a class="portfolio-item d-block mx-auto" href="#portfolio-modal-3">-->
<!--            <div class="portfolio-item-caption d-flex position-absolute h-100 w-100">-->
<!--              <div class="portfolio-item-caption-content my-auto w-100 text-center text-white">-->
<!--                <i class="fa fa-search-plus fa-3x"></i>-->
<!--              </div>-->
<!--            </div>-->
<!--            <img class="img-fluid" src="img/portfolio/mitigation.png" alt="">-->
<!--          </a>-->
<!--        </div>-->
<!--      </div>-->
<!--    </div>-->
<!--  </section>-->

<!--  &lt;!&ndash; Goals Section &ndash;&gt;-->
<!--  <section class="bg-primary text-white mb-0" id="goals">-->
<!--    <div class="container">-->
<!--      <h3 class="text-center text-uppercase text-white">Goals</h3>-->
<!--      <hr class="star-light mb-5">-->
<!--      <div class="row">-->
<!--        <div class="col-lg-6 ml-auto">-->
<!--          <p class="lead">-->
<!--              Web application security is difficult to learn and practice. Not many people have full blown web applications like online book -->
<!--              stores or online banks that can be used to scan for vulnerabilities. In addition, security professionals frequently need to test -->
<!--              tools against a platform known to be vulnerable to ensure that they perform as advertised. All of this needs to happen in a safe -->
<!--              and legal environment.-->
<!--              -->
<!--                  </p>-->
<!--        </div>-->
<!--        <div class="col-lg-6 mr-auto">-->
<!--          <p class="lead">Even if your intentions are good, we believe you should never attempt to find vulnerabilities without-->
<!--              permission. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security. -->
<!--            In the future, the project team hopes to extend WebGoat into becoming a security benchmarking platform and a Java-based Web site Honeypot.-->
<!--            </p>-->
<!--        </div>-->
<!--      </div>-->
<!--    </div>-->
<!--  </section>-->

<!--   &lt;!&ndash; Contributing Section &ndash;&gt;-->
<!--   <section class="portfolio" id="portfolio">-->
<!--      <div class="container">-->
<!--        <h3 class="text-center text-uppercase text-secondary mb-0">More information</h3>-->
<!--        <hr class="star-dark mb-5">-->
<!--        <div class="row">-->
<!--            <div class="col-lg-4 ml-auto">-->
<!--                <p class="lead">For more information about running WebGoat / FAQ see our <a href="https://github.com/WebGoat/WebGoat/wiki">wiki pages.</a>-->
<!--            </p>-->
<!--          </div>-->
<!--          <div class="col-lg-4 mr-auto">-->
<!--              <p class="lead">Interested in contributing to WebGoat, take a look at our <a href="https://github.com/WebGoat/WebGoat/issues">issues.</a> </p>-->

<!--          </div>-->
<!--        </div>-->
<!--      </div>-->
<!--    </section>-->
<!--  -->

<!--  &lt;!&ndash; Footer &ndash;&gt;-->
<!--  <footer class="footer text-center">-->
<!--    <div class="container">-->
<!--      <div class="row">-->
<!--        <div class="col-md-4 mb-5 mb-lg-0">-->
<!--        </div>-->
<!--        <div class="col-md-4 mb-5 mb-lg-0">-->
<!--          <h4 class="text-uppercase mb-4">Around the Web</h4>-->
<!--          <ul class="list-inline mb-0">-->
<!--            <li class="list-inline-item">-->
<!--                  <a class="btn btn-outline-light btn-social text-center rounded-circle" href="mailto:webgoat@owasp.org">-->
<!--                    <i class="fa fa-fw fa-at"></i>-->
<!--                  </a>-->
<!--            </li>-->
<!--            <li class="list-inline-item">-->
<!--              <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://github.com/WebGoat">-->
<!--                <i class="fa fa-fw fa-github"></i>-->
<!--              </a>-->
<!--            </li>-->
<!--            <li class="list-inline-item">-->
<!--                <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://stackoverflow.com/search?q=webgoat">-->
<!--                  <i class="fa fa-fw fa-stack-overflow"></i>-->
<!--                </a>-->
<!--              </li>-->
<!--            <li class="list-inline-item">-->
<!--              <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://twitter.com/OWASP_WebGoat">-->
<!--                <i class="fa fa-fw fa-twitter"></i>-->
<!--              </a>-->
<!--            </li>-->
<!--            <li class="list-inline-item">-->
<!--                <a class="btn btn-outline-light btn-social text-center rounded-circle" href="https://owasp.slack.com/messages/#project-webgoat/">-->
<!--                  <i class="fa fa-fw fa-slack"></i>-->
<!--                </a>-->
<!--              </li>-->
<!--          </ul>-->
<!--        </div>-->
<!--      </div>-->
<!--    </div>-->
<!--  </footer>-->

<!--  <div class="copyright py-4 text-center text-white">-->
<!--    <div class="container">-->
<!--      <small>Team WebGoat 2019</small>-->
<!--    </div>-->
<!--  </div>-->

<!--  &lt;!&ndash; Scroll to Top Button (Only visible on small and extra-small screen sizes) &ndash;&gt;-->
<!--  <div class="scroll-to-top d-lg-none position-fixed ">-->
<!--    <a class="js-scroll-trigger d-block text-center text-white rounded" href="#page-top">-->
<!--      <i class="fa fa-chevron-up"></i>-->
<!--    </a>-->
<!--  </div>-->

<!--  &lt;!&ndash; Explain modal &ndash;&gt;-->
<!--  <div class="portfolio-modal mfp-hide" id="portfolio-modal-1">-->
<!--    <div class="portfolio-modal-dialog bg-white">-->
<!--      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">-->
<!--        <i class="fa fa-3x fa-times"></i>-->
<!--      </a>-->
<!--      <div class="container text-center">-->
<!--        <div class="row">-->
<!--          <div class="col-lg-8 mx-auto">-->
<!--            <h3 class="text-secondary text-uppercase mb-0">Explain the vulnerability</h3>-->
<!--            <hr class="star-dark mb-5">-->
<!--            <img class="img-fluid mb-5" src="img/portfolio/lesson.png" alt="">-->
<!--            <p class="mb-5">Teaching is now a first class citizen of WebGoat, we explain explain the vulnerability. Instead of 'just hacking' we now focus on explaining from the beginning what for example a SQL injection is.-->
<!--            </p>-->
<!--            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">-->
<!--              <i class="fa fa-close"></i>-->
<!--              Close</a>-->
<!--          </div>-->
<!--        </div>-->
<!--      </div>-->
<!--    </div>-->
<!--  </div>-->

<!--  &lt;!&ndash; Assignment modal &ndash;&gt;-->
<!--  <div class="portfolio-modal mfp-hide" id="portfolio-modal-2">-->
<!--    <div class="portfolio-modal-dialog bg-white">-->
<!--      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">-->
<!--        <i class="fa fa-3x fa-times"></i>-->
<!--      </a>-->
<!--      <div class="container text-center">-->
<!--        <div class="row">-->
<!--          <div class="col-lg-8 mx-auto">-->
<!--            <h3 class="text-secondary text-uppercase mb-0">Learn by doing</h3>-->
<!--            <hr class="star-dark mb-5">-->
<!--            <img class="img-fluid mb-5" src="img/portfolio/assignment-example.png" alt="">-->
<!--            <p class="mb-5">During the explanation of a vulnerability we build assignments which will help you understand how it works.</p>-->
<!--            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">-->
<!--              <i class="fa fa-close"></i>-->
<!--              Close</a>-->
<!--          </div>-->
<!--        </div>-->
<!--      </div>-->
<!--    </div>-->
<!--  </div>-->

<!--  &lt;!&ndash; Mitigation modal &ndash;&gt;-->
<!--  <div class="portfolio-modal mfp-hide" id="portfolio-modal-3">-->
<!--    <div class="portfolio-modal-dialog bg-white">-->
<!--      <a class="close-button d-none d-md-block portfolio-modal-dismiss" href="#">-->
<!--        <i class="fa fa-3x fa-times"></i>-->
<!--      </a>-->
<!--      <div class="container text-center">-->
<!--        <div class="row">-->
<!--          <div class="col-lg-8 mx-auto">-->
<!--            <h3 class="text-secondary text-uppercase mb-0">Explain mitigations</h3>-->
<!--            <hr class="star-dark mb-5">-->
<!--            <img class="img-fluid mb-5" src="img/portfolio/mitigation-example.png" alt="">-->
<!--            <p class="mb-5">At the end of each lesson you will receive an overview of possible mitigations which will help you during your development work.</p>-->
<!--            <a class="btn btn-primary btn-lg rounded-pill portfolio-modal-dismiss" href="#">-->
<!--              <i class="fa fa-close"></i>-->
<!--              Close</a>-->
<!--          </div>-->
<!--        </div>-->
<!--      </div>-->
<!--    </div>-->
<!--  </div>-->

<!--  &lt;!&ndash; Bootstrap core JavaScript &ndash;&gt;-->
<!--  <script src="vendor/jquery/jquery.min.js"></script>-->
<!--  <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>-->

<!--  &lt;!&ndash; Plugin JavaScript &ndash;&gt;-->
<!--  <script src="vendor/jquery-easing/jquery.easing.min.js"></script>-->
<!--  <script src="vendor/magnific-popup/jquery.magnific-popup.min.js"></script>-->

<!--  &lt;!&ndash; Custom scripts for this template &ndash;&gt;-->
<!--  <script src="js/freelancer.min.js"></script>-->

<!--</body>-->

<!--</html>-->